This alert is relevant to Australian businesses, organisations, and government entities.
This alert contains a combination of simple and technical advice.
Background / What has happened?
- The ASD’s ACSC is aware of an Unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2024-21762) in Fortinet FortiOS devices.
- CVE-2024-21762 refers to an out-of-bounds write vulnerability that may allow unauthenticated RCE via a specially crafted HTTP request.
Mitigation / How do I stay secure?
The ASD’s ACSC recommends that businesses, organisations and government entities patch affected devices, or disable SSL VPN if unable to patch.
Fortinet’s FortiGuard has further information on affected versions and patching.
Assistance / Where can I go for help?
Your report makes a difference and helps us to produce advice that protects the broader Australian community.